Date: Thu, 03 Oct 2019 09:58:24 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes Message-ID: <bug-241010-7501-ZQQ7OnAfQ3@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-241010-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-241010-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D241010 --- Comment #2 from Andrey V. Elsukov <ae@FreeBSD.org> --- In general your approach looks correct, but I think you need to validate th= at bits field will not lead to out of the bounds access before trusting user's data and doing bcopy. Also, since this field was not checked properly in the past, it is possible that some IKE software doesn't fill it properly, and such change can break = some installations. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-241010-7501-ZQQ7OnAfQ3>